Wednesday, April 11, 2012

This opinion rejects a broad expansive reading of the Computer Fraud and Abuse Act (CFAA), 18 USC 1030, and adopts a narrow reading that criminalizes improper access (hacking) but not misuse. The case here concerned an employee who violated a company's confidential use of information policy to transfer trade information to a rival. The defendant argued that the CFAA targeted hackers, not individuals with authorized access. The 9th, here, agreed, widening a circuit split. Examining the statute, and language, the 9th construed the language to follow the intent against hackers or those who are not supposed to have access. The government's argument that it would never ever try to use this statute in an overbroad manner (but see money-laundering etc.) was unpersuasive and its reading of the language strained. The dissent concentrated not on the parade of horribles imagined by the majority, but focused on the facts in this case, where employees violated policy to take what was not their's and give valuable information to a rival. The dissent regards the statute as plainly written, and not strained, and written in an expansive manner to apply to situations like this.